Learning Objectives:
After completing this module, students will be able to:
Describe Deepfake Phishing
Describe the threat of AI on Cybersecurity through Deepfake Phishing
Identify the ways in which Generative AI could attack a neural network through phishing
Identify the solutions to Deepfake Phishing attacks
Use Google Colab to simulate the Deepfake Phishing attacks and solutions to them
Apply one of the algorithms defined in this module for independent study
What is deepfake phishing?
Deepfake phishing is a type of security attack that targets users in order to trick them into revealing or providing private data for malicious purposes. In a typical deepfake phishing scam, "a malicious actor leverages deep learning technology to impersonate the voice and/or appearance of at least one person a recipient would trust" (University of Florida). An example of this scam is provided in Figure 1.
Figure 1: Example of Scam Text Messages (University of Florida)
How does AI make deepfake phishing worse?
Generative AI makes deepfake phishing more dangerous because its algorithms can "generate context-aware phishing content, mimic writing styles, and automate social engineering attacks at scale" (Tigera). As a result, attacks become much harder to mitigate, and a scam becomes much harder to distinguish from a genuine message.
What are the algorithms that Generative AI uses to cause deepfake phishing?
In a neural network, there are several algorithms that Generative AI could use to simulate deepfake phishing attacks. Recall the various methods for Generative AI to improve Cybersecurity learned in the previous modules. Many of them could also be exploited to develop deepfake phishing attacks. In particular, GANs and VAEs could be used to simulate the attacks.
How does GAN simulate deepfake phishing attacks?
Generative Adversarial Networks are very good at generating realistic data, which could be exploited to create deepfake content. Recall that they create new data based on existing data and contain a discriminator, which distinguishes between real and generated samples. Note that data produced by the generator shares the characteristics of the training data without being identical to it. Malicious developers could leverage this to create fake but realistic data to fool users. In a phishing attack, GANs can generate fake media content that is delivered over the network to convince a user to click on a malicious link or share sensitive data.
There are several ways to prevent these types of attacks. On the developer's side, adding behavioral biometrics or multi-factor authorization makes it harder for attackers to exploit deepfake-generated content. If the deepfake content has already been generated, however, a CNN-based deepfake detector or another anomaly detection algorithm is the more suitable defense.
What are CNNs?
A Convolutional Neural Network is a type of neural network often used in deep learning. Neural networks typically consist of "node layers, containing an input layer, one or more hidden layers, and an output layer" (IBM). The main layers in a CNN are the convolutional layer, the pooling layer, and the fully connected layer (Figure 2). The convolutional layer captures spatial features through filtering operations. The pooling layer downsamples the data while retaining important features. The fully connected layer flattens the resulting features and classifies them.
Figure 2: CNN process with layers (Medium, 2018)
For deepfake detection, CNNs are ideal since they can analyze data for inconsistencies indicative of GAN-generated content.
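To make the three layer types concrete, here is an added example (not code from the module or from any of the cited sources) that runs one forward pass through a convolutional layer, a pooling layer, and a fully connected layer in pure Python, so it works in Google Colab without extra packages. The 6x6 "image", the vertical-edge filter, and the dense-layer weights are constructed sample values; the output is an "edge present" score that illustrates the mechanics, not a trained deepfake detector, which would learn its filters from labelled real and generated images.

```python
import math

# Constructed 6x6 grayscale "image": dark region on the left, bright on the right.
# (Sample data for this example, not from the module.)
EDGE_IMAGE = [
    [0, 0, 0, 9, 9, 9],
    [0, 0, 0, 9, 9, 9],
    [0, 0, 0, 9, 9, 9],
    [0, 0, 0, 9, 9, 9],
    [0, 0, 0, 9, 9, 9],
    [0, 0, 0, 9, 9, 9],
]
# Uniform image with no spatial structure, for comparison.
FLAT_IMAGE = [[0] * 6 for _ in range(6)]

# 3x3 vertical-edge filter: responds where brightness changes from left to right.
EDGE_FILTER = [
    [-1, 0, 1],
    [-1, 0, 1],
    [-1, 0, 1],
]


def conv2d(image, kernel):
    """Convolutional layer: slide the kernel over the image (stride 1, no padding)
    and return the feature map of dot products."""
    k = len(kernel)
    rows, cols = len(image) - k + 1, len(image[0]) - k + 1
    fmap = []
    for i in range(rows):
        row = []
        for j in range(cols):
            total = 0
            for di in range(k):
                for dj in range(k):
                    total += image[i + di][j + dj] * kernel[di][dj]
            row.append(total)
        fmap.append(row)
    return fmap


def relu(fmap):
    """Non-linearity applied after convolution: negative responses become 0."""
    return [[max(0, v) for v in row] for row in fmap]


def max_pool(fmap, size=2):
    """Pooling layer: keep only the maximum of each size x size window,
    halving the resolution while retaining the strongest responses."""
    pooled = []
    for i in range(0, len(fmap) - size + 1, size):
        row = []
        for j in range(0, len(fmap[0]) - size + 1, size):
            window = [fmap[i + di][j + dj] for di in range(size) for dj in range(size)]
            row.append(max(window))
        pooled.append(row)
    return pooled


def flatten(fmap):
    """Turn the 2-D pooled map into a 1-D feature vector for the dense layer."""
    return [v for row in fmap for v in row]


def fully_connected(features, weights, bias):
    """Fully connected layer with one output: weighted sum, then a sigmoid
    so the result reads as a 0..1 score."""
    z = sum(f * w for f, w in zip(features, weights)) + bias
    return 1 / (1 + math.exp(-z))


# Hand-set dense-layer parameters (constructed; a real CNN learns these).
DENSE_WEIGHTS = [0.05, 0.05, 0.05, 0.05]
DENSE_BIAS = -2.0


def cnn_forward(image):
    """Run the three layer types in order and return (feature vector, score)."""
    fmap = relu(conv2d(image, EDGE_FILTER))
    features = flatten(max_pool(fmap))
    score = fully_connected(features, DENSE_WEIGHTS, DENSE_BIAS)
    return features, score


if __name__ == "__main__":
    for name, img in (("edge image", EDGE_IMAGE), ("flat image", FLAT_IMAGE)):
        feats, score = cnn_forward(img)
        print(f"{name}: features={feats} score={score:.3f}")
```

The edge image produces a 4x4 feature map whose middle columns light up (value 27 wherever the filter straddles the dark/bright boundary), max pooling reduces that to a 2x2 map, and the flattened four values drive the dense layer to a high score; the flat image produces an all-zero map and a low score. In a real detector the filters and dense weights are learned, but the data flow through the layers is exactly this.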
How does VAE simulate deepfake phishing attacks?
Recall that a Variational Autoencoder is another anomaly detection algorithm that generates novel data from an initial dataset with a variational component added. VAEs could be used to generate phishing emails that are distributed through email servers or sent by malicious users on the network, so that they appear as routine traffic. Such an attack would be difficult to pinpoint, but Natural Language Processing (NLP) models in combination with anomaly detection could be the best way to analyze the traffic.
What are NLPs?
Natural Language Processing is a "machine learning technology that gives computers the ability to interpret, manipulate, and comprehend human language" combining "computational linguistics, machine learning, and deep learning models" (AWS). It consists of several pre-processing tasks that include tokenization, stemming and lemmatization, and stop word removal.
Tokenization works by "breaking a sentence into individual units of words or phrases" (AWS). For email network traffic, this means splitting an email into components such as word choice, tone, and sentence structure. Stemming and lemmatization are the processes of "simplifying words into their root form" (AWS). In an email phishing scam, this means reducing certain words to simpler forms so that the system can compare them more easily. Lastly, stop word removal "ensures that words that do not add significant meaning to a sentence... are removed" (AWS). This lets phishing emails be analyzed quickly and effectively, discarding anything that does not provide significant insight.
After the NLP model has finished preprocessing, the resulting data would be analyzed with a generative AI anomaly detection program to find the deepfake phishing scams.
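The following added example (not code from the module or from AWS) runs the three preprocessing steps just described over a handful of constructed emails and then feeds the result to a simple anomaly score: the fraction of a message's content stems that never appear in a baseline of routine mail. The baseline emails, the two test messages, the stop-word list, and the tiny suffix-stripping stemmer are all constructed for this example; the novelty score stands in for the generative AI anomaly detector the module refers to, so the point is the pipeline, not the scoring model.

```python
import re
from collections import Counter

# Stop words: common function words that carry little meaning (constructed list).
STOP_WORDS = {
    "the", "a", "an", "to", "of", "is", "and", "in", "your", "you", "for",
    "on", "this", "it", "we", "be", "at", "as", "by", "or", "with", "will",
    "has", "have", "been", "i",
}

# Constructed sample traffic: a small baseline of routine internal mail.
ROUTINE_EMAILS = [
    "Reminder: the weekly team meeting is moved to Thursday at 10am.",
    "Attached is the updated project schedule for the next sprint.",
    "Thanks for sending the report, I will review it before the meeting.",
    "The office will be closed on Friday for the holiday.",
]

# Constructed messages to score against that baseline.
NEW_EMAILS = {
    "routine": "The project meeting moved to Friday; I will review the updated schedule before then.",
    "phish": "URGENT: your account has been suspended. Verify your password now at http://example.invalid/login or lose access.",
}


def tokenize(text):
    """Tokenization: lower-case the text and split it into word units."""
    return re.findall(r"[a-z0-9']+", text.lower())


def stem(token):
    """Stemming: strip a few common suffixes so 'meeting' -> 'meet', 'moved' -> 'mov'.
    Deliberately tiny (constructed); real systems use Porter/Snowball or a lemmatizer."""
    for suffix in ("ing", "ed", "es", "s"):
        if token.endswith(suffix) and len(token) - len(suffix) >= 3:
            return token[: -len(suffix)]
    return token


def preprocess(text):
    """Full pipeline: tokenize -> drop stop words -> stem."""
    return [stem(t) for t in tokenize(text) if t not in STOP_WORDS]


def build_vocab(emails):
    """Baseline vocabulary: stem frequencies across routine traffic."""
    counts = Counter()
    for email in emails:
        counts.update(preprocess(email))
    return counts


def novelty_score(email, vocab):
    """Anomaly score: fraction of content stems never seen in the baseline.
    Returns (score, list of unseen stems) so an analyst can see why it fired."""
    stems = preprocess(email)
    if not stems:
        return 0.0, []
    unseen = [s for s in stems if s not in vocab]
    return len(unseen) / len(stems), unseen


def flag_suspicious(email, vocab, threshold=0.5):
    """Flag a message when most of its content vocabulary is new to the baseline."""
    score, _ = novelty_score(email, vocab)
    return score >= threshold


if __name__ == "__main__":
    vocab = build_vocab(ROUTINE_EMAILS)
    for label, email in NEW_EMAILS.items():
        score, unseen = novelty_score(email, vocab)
        print(f"{label}: score={score:.2f} flagged={flag_suspicious(email, vocab)} unseen={unseen}")
```

The routine message shares nearly all of its stems with the baseline ("meet", "mov", "updat", "schedule"), so only one of nine stems is new and it is not flagged; the phishing message is built from vocabulary the baseline never uses ("urgent", "suspend", "password", "login"), so every stem is unseen and it is flagged. Because the score is computed from stems rather than raw words, inflected variants such as "meeting" and "moved" match their baseline forms, which is the practical reason the stemming step comes before scoring.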
Key Terms:
Anomaly Detection: A technique used in cybersecurity to identify unusual patterns or behaviors within a dataset that may indicate a security threat.
Convolutional Neural Networks (CNNs): a type of deep learning model known to process and recognize patterns by applying convolutional layers that detect significant features.
Deepfake Phishing: A type of phishing attack that uses AI-generated content (such as videos, audio, or text) to create convincing forgeries of trusted entities.
Generative Adversarial Networks (GANs): a type of AI model that consists of two parts: a generator and a discriminator. The generator tries to create fake data that looks like real data, and the discriminator tries to figure out whether the data is real or fake.
Generative AI: A type of artificial intelligence that can generate new data that mimics the data it was trained on, often used in applications like content creation, data synthesis, and simulation.
Natural Language Processing (NLP): A machine learning model known to process and understand the human language. It can do several pre-processing tasks that may be further used for anomaly detection.
Variational Autoencoders (VAEs): a model that compresses data (like network traffic) into a simpler form (called a latent space) and then tries to recreate the original data from this compressed version.
References:
"Deepfake Phishing." Information Technology - University of Florida. (n.d.). https://it.ufl.edu/security/learn-security/deepfakes/deepfake-phishing/
"Generative AI Security Risks." Tigera. June 6, 2024. https://www.tigera.io/learn/guides/llm-security/generative-ai-security-risks/#:~:text=Generative%20AI%20can%20be%20a%20tool%20in%20creating,traditionally%20rely%20on%20recognizing%20patterns%20of%20known%20malware.
IBM. "What are convolutional neural networks?" IBM. October 2, 2024. https://www.ibm.com/topics/convolutional-neural-networks
Saha, S. "A comprehensive guide to Convolutional Neural Networks - the eli5 way." Medium. November 16, 2022. https://towardsdatascience.com/a-comprehensive-guide-to-convolutional-neural-networks-the-eli5-way-3bd2b1164a53
"What is NLP? - natural language processing explained." AWS. (n.d.). https://aws.amazon.com/what-is/nlp/